This is a full-time salaried exempt position working for our client, a major not-for-profit organization in the San Diego, CA area.
Will report to the IT Risk and Compliance Officer.
Responsible for leading and/or participating in IT compliance and risk management projects. Must have extensive knowledge of and experience in IT risk, maintaining quality service standards, and the ability to partner with organizations outside the department.
Must work onsite.
Essential Duties and Responsibilities
Evaluate new technology projects, and changes to existing technology environment. Perform technology risk assessments to identify potential risk and collaborate with IT groups to develop remediation plans as necessary.
Perform Vendor Risk Assessments according to a defined schedule. Work with business owners to develop vendor remediation plans.
Perform User Access Management Risk Assessments for critical applications on a semi-annual basis. Work with business owners to develop remediation plans.
Develop remediation plans for regulatory and audit findings related to IT.
Establish and maintain a holistic remediation program. The program will include remediation steps from all risk assessments and audit observations. Ensure timely remediation and, where applicable, test that the remediation is adequate. Report on the overall health of the organization.
Provide oversight to the vulnerability management program to ensure patching, configuration modifications, and code changes occur within SLAs as defined in the vulnerability management program. Create metrics and regularly report on the health of vulnerability management.
Create and maintain data flow diagrams that depict security controls in the environment.
Maintain DR/BCP program as it pertains to BIA updates and testing.
Create security presentations and perform security education and awareness training as required.
Perform branch risk assessments on a scheduled basis. Assessment activities will include evaluating physical and logical security posture, customized training for branch employees, and completion of a branch security risk report.
Develop and maintain the TraceSecurity CSO (GRC) portal as it pertains to risk assessment and audit functionality.
Perform other functions as designated by the IT Risk and Compliance Officer.
Follow AML/BSA guidelines to identify and refer suspicious activity, perform OFAC comparisons, and identify individuals in accordance with branch procedures. Participate in AML/BSA compliance training as assigned.
Provide on-call support for after-hours security-related issues.
CISSP, CRISC, CISA, or other Security, Audit, Risk, or Technology certifications desired.
5+ years’ combined experience in IT, Security, and Risk Management.
Results-driven and able to work under minimal supervision.
Able to manage multiple initiatives simultaneously.
Excellent communication skills required.
Strong benefits package.
Salary commensurate with experience.
Cannot sponsor work visas or accept 3rd party candidates.